Red Hat Vulnerabilities

1,513 results
Vexday Analysis

With 1,477 CVEs catalogued and 232 appearing in the last 90 days alone, the volume of vulnerabilities associated with Red Hat calls for continuous monitoring. The rate of active exploitation is below the catalogue-wide average, with only 1 CVE confirmed in CISA KEV: CVE-2023-4911, which has an EPSS of 0.7861, indicating a high probability of exploitation and deserving priority attention from response teams. Of the 34 critical-severity vulnerabilities, 18 have a public proof of concept available, which lowers the technical barrier to exploitation and increases operational risk. The most recurrent flaw type is CWE-125 (out-of-bounds read), a pattern that frequently enables data leakage or memory corruption and should guide hardening reviews and patch prioritization.

CVE-2025-7777 | MEDIUM | Mirror-registry: host header injection in mirror-registry | EPSS 0.2%
CVE-2026-12515 | MEDIUM | Katello: missing repository authorization in content_uploads exposes cross-product content existence | EPSS 0.2%
CVE-2026-40918 | MEDIUM | Gimp: gimp: denial of service via crafted pvr image file | EPSS 0.2%
CVE-2024-4840 | MEDIUM | Rhosp-director: cleartext passwords exposed in logs | EPSS 0.2%
CVE-2026-10078 | LOW | Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring | EPSS 0.2%
CVE-2024-45782 | HIGH | Grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382) | EPSS 0.2%
CVE-2025-9908 | MEDIUM | Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams | EPSS 0.2%
CVE-2026-12992 | HIGH | Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation | EPSS 0.2%
CVE-2026-1757 | MEDIUM | Libxml2: memory leak leading to local denial of service in xmllint interactive shell | EPSS 0.2%
CVE-2025-48797 | HIGH | Gimp: multiple heap buffer overflows in tga parser | EPSS 0.2%
CVE-2026-0810 | HIGH | Gix-date: gix-date: undefined behavior due to invalid string generation | EPSS 0.2%
CVE-2025-6196 | MEDIUM | Libgepub: integer overflow in libgepub's epub archive handling | EPSS 0.2%
CVE-2026-53703 | HIGH | Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer audio stream header parser | EPSS 0.2%
CVE-2023-1633 | MEDIUM | Insecure barbican configuration file leaking credential | EPSS 0.2%
CVE-2025-61662 | HIGH | Grub2: missing unregister call for gettext command may lead to use-after-free | EPSS 0.2%
CVE-2025-6170 | LOW | Libxml2: stack buffer overflow in xmllint interactive shell command handling | EPSS 0.2%
CVE-2019-3805 | MEDIUM | A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate | EPSS 0.2%
CVE-2026-2604 | MEDIUM | Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling | EPSS 0.2%
CVE-2024-2307 | MEDIUM | Osbuild-composer: race condition may disable gpg verification for package repositories | EPSS 0.2%
CVE-2023-4134 | MEDIUM | Kernel: cyttsp4_core: use-after-free in cyttsp4_watchdog_work() | EPSS 0.2%